Overview
- Movia notified Denmark’s civil protection agency, which is assessing vulnerabilities across 469 Chinese-built electric buses, including 262 from Yutong.
- Norway’s operator Ruter said isolated tests on two Yutong buses revealed manufacturer remote access enabled by a Romanian SIM used for updates and troubleshooting.
- Ruter reported no evidence of malicious activity but warned the same access could theoretically disable systems or lock doors.
- Investigators rejected removing SIM cards as a countermeasure because it would cut essential telematics and operational systems.
- Yutong says access supports maintenance, EU vehicle data are stored at AWS Frankfurt with encryption and customer authorization, and operators are weighing firewalls and procurement safeguards.